man lcrash (Commandes) - linux crash dump analyzer
NAME
lcrash - linux crash dump analyzer
SYNOPSIS
lcrash [OPTION]...
lcrash [OPTION]... [ MAP DUMP KERNTYPES ]
lcrash -d DUMPDEV [ -s DUMPDIR | -e ]
DESCRIPTION
lcrash is a hands-on utility that generates detailed kernel information in an easy-to-read format. lcrash also provides the ability to generate reports about system crash dumps. Depending on the type of system crash dump, lcrash can create a unique report that contains information about what happened when the system crashed. lcrash can be run on live systems or with any MAP and DUMP specified on the command line.
MAP contains symbol table information needed for symbolic access to the system memory image being examined. The default MAP is /boot/System.map-<kversion>, which is used when analyzing a live system. The string <kversion> is replaced with the version string of the currently running kernel. If the memory image being analyzed is from a system core dump (dump.N), then MAP must be a copy of the map file that was valid at the time of the crash.
DUMP is a file containing the system memory image. The default DUMP is /dev/mem, which provides access to system memory when analyzing a live system. DUMP can also be a pathname to a file (dump.N) produced by lcrash run with the -s option.
KERNTYPES is a file containing kernel type information that lcrash needs in order to properly access kernel data in the system memory image. The default KERNTYPES is /boot/Kerntypes-<kversion> (with <kversion> replaced with the version string of the currently running kernel). This file provides access to kernel type information when analyzing a live system. KERNTYPES can also be a pathname to a file (Kerntypes.N) produced by lcrash run with the -s option.
OPTIONS
- -a, --dump-arch ARCH
- architecture of dump (one of 'i386', 's390', 's390x', 'ia64', default: same as host architecture)
- -d, --dump FILE
- dump file or (when using -s or -e) dump device (default: /dev/mem)
- -e, --erase
- erase dump from dumpdev
- -f, --failsafe
- start lcrash in failsafe way (i.e. omit certain checks and initializations)
- -g, --debug LEVEL
- debug level for lcrash
- -h, --help
- display help
- -i, --info
- display dump header of dump file (-d is mandatory)
- -I PATH
- path for include files (for libsial)
Specifies the path to search for #include directives in macro files. The default value for this path is ~/.lcrash/include:/usr/share/sial/lcrash/include. The environment variable LC_IPATH can be used for that perpose, too.
- -M PATH
- path for sial macros (for libsial)
Specifies the path to search for loading macros either on startup or when the 'load' command is issued at the lcrash prompt. On startup all files in these directories are loaded automatically. The default macro path is ~/.lcrash:/usr/share/sial/lcrash. The environment variable LC_MPATH can be used for that perpose, too.
- -m, --map FILE
- System.map of kernel in system dump (default: /boot/System.map-<kversion>)
- -n, --bound BOUND
- non-negative bound (for map.0, map.1 etc.)
If BOUND is given, lcrash tries to open the files map.BOUND, dump.BOUND and kerntypes.BOUND in the current directory.
- -p, --progress
- show progress, when retrieving dump
- -r, --report
- generate report, do not run lcrash interactive
- -s, --save DUMPDIR
- save dump from dumpdev into DUMPDIR/dump.x
- -t, --types FILE
- kerntypes file (default: /boot/Kerntypes-<kversion>)
- -v, --version
- display version info
- MAP DUMP KERNTYPES
- Specify MAP, DUMP and KERNTYPES at end of line. This usage is deprecated!
If '-m', '-d' or '-t' are used, their arguments have priority over the arguments specified with 'MAP DUMP KERNTYPES'.
EXAMPLES
- lcrash
- Start lcrash using the defaults (/boot/System.map-<kversion>, /dev/mem, /boot/Kerntypes-<kversion>).
- lcrash MAP DUMP KERNTYPES
- Start lcrash using old style parameter passing only.
- lcrash MAP DUMP KERNTYPES -a ARCH
- Start lcrash using old style parameter passing with specification of architecture of the dump.
- lcrash -m MAP -t KERNTYPES -d DUMP -a arch
- Start lcrash using new style parameter passing only.
- lcrash -d DUMP -a ARCH
- Start lcrash using defaults /boot/System.map-<kversion> and /boot/Kerntypes-<kversion> with dumpfile DUMP and specified dump architecture ARCH.
- lcrash -n BOUNDS -a ARCH
- Start lcrash using files ./map.BOUNDS, ./dump.BOUNDS and ./kerntypes.BOUNDS and specified dump architecture ARCH.
- lcrash -d DUMPDEV -s DUMPDIR
- Copy dump from DUMPDEV into DUMPDIR. The dump will be named dump.N. If the file DUMPDIR/bounds exists, the integer N is read from the file. Otherwise N is set to zero. After copying the dump N is incremented and written to DUMPDIR/bounds. This includes the creation of the file if not yet existent.
MACROS
C syntax macros can be used to create new commands and expand lcrash's functionality. They can be useful for commands that are specific to a site or engineering group and make it easy for everyone to chip in and expand the base lcrash distribution. Please refer to lkcdutils/README.sial and lkcdutils/libsial/README at http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/lkcd/ for more details on how to write new commands or on the sial interpreter itself (e.g. list of builtin functions, exceptions to the C syntax etc...).
- For a quick start, refer to the sample macro ps.sial in
- /usr/share/sial/lcrash.
NOTE
lcrash is in a continually evolving state; it is important to get the latest lkcd and lcrash RPM/patch files to keep on top of the latest changes.
BUG REPORTS
There are likely a number of bugs. Please report all bugs after reviewing project details located at http://lkcd.sourceforge.net/ to the following mailing list: lkcd-devel@lists.sourceforge.net
SEE ALSO
lkcd_config(1),